Hotfile is liable for the “staggering” amount of infringement it financially benefitted from, and it is not protected by the DMCA safe harbor for online service providers.

That is the conclusion of U.S. District Court Judge Kathleen Williams of the Southern District Court of Florida. Williams made the ruling August 28, but the decision had been under seal until this past Friday.

What makes this case notable is that it was brought by the five major motion picture studios (Disney Enterprises, Inc., Twentieth Century Fox Film Corporation, Universal City Studios Productions LLLP, Columbia Pictures lndustries, Inc., and Warner Bros. Entertainment Inc.) against a fairly popular filelocker service (at least at the time the suit was filed). This appears to be the first time an infringement lawsuit from major players in the creative industries had been brought against a filelocker service specifically — previous efforts have aimed at P2P services and the like. Add to that the fact that the suit was filed in Florida, outside the 2nd and 9th Circuits where the bulk of copyright litigation occurs, and you have a situation where the court is interpreting many DMCA provisions on a blank slate.

I had previously discussed the issues in front of the court and both parties’ arguments. That was over a year ago, which is an unusually long time between hearing and order on a summary judgment motion. Part of that may have been the sheer complexity of the issues; part of that may have been the aggressive litigation posture taken by both sides. The court diplomatically refers to the many “robust pleadings” filed without leave of court and notes, certainly an understatement, that “the parties do not agree on much.”

Whatever the case may be, the issue boils down to a familiar one. Hotfile, an “off-shore technology company” provides online file storage. As is often the case, infringing works are among the files that were stored and shared by Hotfile users. The film studios argued that Hotfile should be held liable for such infringement because it contributes to, encourages, or benefits from such infringement.

As the court explains, Hotfile’s storage locker service allows registered users to upload any file they want from their computer to Hotfile’s servers to be stored. The service automatically generates a link where the file can be accessed. The files or links are not otherwise private; any member of the public can access them so long as they know the link. Hotfile operated an affiliate program which paid users when they directed others to Hotfile file locations, encouraging affiliates to catalog and broadcast Hotfile links. Hotfile also provided premium service, which gave users additional file space and faster download speeds for a monthly fee.

The court begins with a careful, comprehensive discussion of the facts (nearly 35 pages worth). As we’ll see in a moment, the question of whether Hotfile had adopted and reasonably implemented a repeat infringer policy will play a key role in determining whether the service is protected by the DMCA safe harbor, but I do want to highlight the court’s discussion regarding the policy that was in place — some of these numbers are staggering. The evidence reveals that when the studios had filed their complaint, Hotfile had received a total of 10 million takedown notices for infringing content, yet had only terminated 43 users – 33 of those as a result of a court order from prior litigation. At the same time, nearly 25 thousand Hotfile users had accumulated more than three infringement notices; 61 of those users had over 300 notices each. After the litigation began, Hotfile adopted a “revamped” repeat infringement policy, and the results were dramatic: 444 of its 500 highest paid affiliates were terminated for repeated infringement.

The DMCA safe harbor and the repeat infringer policy

Turning to the legal issues, the court begins with the DMCA safe harbor. 117 U.S.C. § 512. As it notes, if Hotfile qualifies for the safe harbor, it is immunized from any liability for infringement. If it doesn’t, the court must then separately consider if Hotfile is liable. The court cites to the relevant legislative history of the DMCA to explain the law’s motivations in striking a balance between protecting creators’ rights and promoting the growth of online services.

The DMCA applies to online service providers, which Hotfile clearly is, and one of the safe harbors covers storage at the direction of the user, which the court says covers the activities at issue here. 2I note that the court glosses over one of the studios’ (admittedly far-reaching) arguments that the infringement in question was not within the scope of the storage safe harbor. The studios had argued that Hotfile’s practice of routinely deleting files that have never been downloaded was the antithesis of “storage” and thus not protected under the safe harbor.

The DMCA safe harbor requires that a service provider

has adopted and reasonably implemented, and informs subscribers and account holders of the service provider’s system or network of, a policy that provides for the termination in appropriate circumstances of subscribers and account holders of the service provider’s system or network who are repeat infringers. 317 U.S.C. § 512(i)(1)(A).

The court here turned to the legislative history and other courts to flesh out the details of this provision, since the terms are not defined in the statute. It determined that a policy is “reasonably implemented” if it terminates users, under appropriate circumstances, who “repeatedly or blatantly infringe copyright.” At a minimum, this means that a policy “must be capable of tracking infringers.” Hotfile, said the court, “effectively did nothing to tie notices to repeat infringers.” This, in addition to the breathtaking scope of infringement that Hotfile essentially ignored took the service provider outside the protection of the DMCA safe harbor. The court concluded:

Here, the scale of activity – the notices of infringement and complaints from copyright holders — indicated to Hotfile that a substantial number of blatant repeat infringers made the system a conduit for infringing activity. Yet Hotfile did not act on receipt of DMCA notices and failed to devise any actual policy of dealing with those offenders, even if it publicly asserted otherwise. It has presented no evidence to show that the small number of removals that did occur were for any reason other than threatened Iitigation or by court order. lndeed, it has been unable to point to a single specific user who was terminated pursuant to its policy of manual review and exercise of ”discretion.” Documents and statistics indicate that there was never any realistic threat of termination to Hotfile’s users, whose activities were protected by the company’s indifference to infringement notices. In sum, regardless of official policies forbidding infringement, Hotfile did not significantly address the problem of repeat infringers. This renders Hotfile’s policy legally insufficient under Section 512(i).

While this, on its own, was enough to kick Hotfile out of the safe harbor, the court continued to provide observations and conclusions on two other DMCA requirements. The first provides that service providers designate an agent to receive infringement notices and register the agent with the U.S. Copyright Office. Hotfile, however, did not register an agent until December 2009 and had not identified the agent on its website as required by the statute until May 2010. Additionally, the court suggested that Hotfile was still not in compliance with this requirement since it “to date, has not provided a proper mailing address for its registered agent insofar as it lists only a post office box,” contrary to Copyright Office regulations.

The second requirement is that a service provider cannot have either actual or “red flag” knowledge of infringement. But, as the court notes, the DMCA places limitations on this requirement. Under the statute, a service provider does not initially have a duty to affirmatively monitor for infringement. Courts have also determined that the statute requires the knowledge be of specific infringing activity rather than a general awareness of infringement, a determination that the court here adopts. At the same time, willful blindness is a form of knowledge, and courts have struggled with incorporating willful blindness into the DMCA consistent with its limitations on the knowledge prong — the court here notes the complexity of this inquiry but doesn’t attempt to clarify it.

Instead, it concludes that whether Hotfile had the requisite knowledge that would disqualify it from the DMCA safe harbor was a question that would need to be decided by a jury. This conclusion is a little odd procedurally, as the court had already granted summary judgment denying Hotfile’s DMCA defense, meaning the question of knowledge would never reach a jury, but perhaps Judge Williams wrote it anticipating an appeal.

Secondary liability for copyright infringement

Next the court turns to the question of infringement itself. As it notes, the DMCA safe harbor and secondary liability are independent inquiries (even though there is plenty of overlap between some of the factors and the evidence that is relevant to each). And while it has been a challenge for courts to apply common law secondary liability principles to new technologies, they still play an important role since copyright protections would be rendered meaningless if creators were limited to going after each individual infringers using such services.

Inducement and contributory infringement are discussed first. The court marches through some of the most relevant precedent here, including, among others, the Supreme Court’s Grokster decision, the recent Lime Groupdecision, and the Ninth Circuit’s Perfect 10. The court extracts from this precedent its own standard for examining contributory infringement, one that provides three separate avenues for establishing secondary liability:

First, while it may be unclear whether Grokster introduced a new category of Iiability based on inducement or whether it spoke to pre-existing notions of contributory liability, it is evident that a defendant will be liable for actually expressing an intention to foster infringement. If that intent is express or can otherwise be said to be ‘’unmistakable,’’ the Sony/Betamax defense will not apply and the defendant will be liable for aII acts of direct infringement committed using its system, as was the case in Grokster. Similarly, as explained in Amazon.com, where traditional principles permit a court to impute intent – for instance, where the defendant knows of specific infringing content available on its system yet fails to remove it – that defendant may be Iiable, by operation of Iaw, just as if he had actually intended to infringe under Grokster. Finally, contributory infringement may be found based on a material contribution theory in instances where a defendant did not express an intention to foster infringement but provided the means for infringement of distributed a commercial product that was subsequently used to infringe. Under that theory, the Sony/Betamax rule provides a backstop of liability, immunizing a defendant who demonstrates that noninfringing uses of the system are substantial.

Here, the evidence left a number of unresolved questions about whether Hotfile is liable under any one of these avenues, and the court concludes that “while Hotfile may have difficulty explaining its ‘innocence’ to a jury, the genuine issues of material fact must be resolved by a jury at trial.”

Less complex is the vicarious liability inquiry. The standard used by the court here is two pronged: one is vicariously liability if he (1) profits from direct infringement while (2) declining to exercise a right to stop or limit it.

The profit, or financial benefit, from infringement does not, the court observe, need to be a direct one, or even a significant one. It is enough that there is a causal relationship between infringement and benefit to satisfy this prong. And here, the court found that the evidence did establish a connection between infringement on Hotfile and its sales of premium subscriptions, concluding that “it is undeniable that it financially benefitted from [infringement] by attracting some users.”

The second prong was just as easily met. The infringing files were stored on Hotfile’s own servers, and it contractually retained a right to control uploaded files in its terms of service. As a matter of law, then, Hotfile is vicariously liable for copyright infringement.

Two final issues were addressed in the court’s order. First, the court held that Anton Titov, one of the primary corporate officers of Hotfile, is, as a matter of law, personally liable for any infringement along with Hotfile itself. And second, the court found that there was enough evidence to support Hotfile’s counterclaim against one of the studios involved, Warner. The evidence suggested that Warner intentionally sent takedown notices for files that it knew it had no right to remove.

While the decision has been a long time coming, and while it will take a long time to digest — it’s very thorough — this is likely only the beginning. Hotfile has already appealed the decision to the Eleventh Circuit.

I note that the court glosses over one of the studios’ (admittedly far-reaching) arguments that the infringement in question was not within the scope of the storage safe harbor. The studios had argued that Hotfile’s practice of routinely deleting files that have never been downloaded was the antithesis of “storage” and thus not protected under the safe harbor.

The opinion isn’t completely clear on what Hotfile’s counterclaim concerns since many of the juicy details are redacted out. The court does bring up Lenz and the notion that there might be a duty to consider fair use, but then the court doesn’t express an opinion either way on whether it thinks such a duty exists. It instead just focuses on the works that Warner apparently didn’t manage that it nevertheless sent notices for and says that’s enough for it to go to the jury. It’s a shame the court didn’t take a position on the duty to consider fair use or the propriety of using automated takedown notices.

Techdirt’s spin is easy to predict. It’ll focus on the counterclaim for misrepresentation as TorrentFreak did, and it’ll call the vicarious liability ruling a travesty while throwing out the usual tidbits about how stupid and scary secondary liability is.

Is it just me, or is the court’s application of the vicarious liability doctrine really broad? I’m trying to understand how, under this court’s reasoning, any service provider that permits users to store content wouldn’t be vicariously liable if that content is infringing.

Having reread the section, it is a bit unusual. The court discusses that some courts have taken a narrow view of financial benefit, while others have taken a broad view (none of the cases discussed here, by the way, are binding precedent). It cites a law review article criticizing the broad view — and then adopts, without explanation, the broad view.

On the other hand, the article it cites does note that the broad view is the “dominant” one adopted by courts, and it also notes that that the connection between infringement and benefit for Hotfile is less attenuated than in other vicarious liability cases such as Usenet. In the end, the court’s discussion of the evidence seems to indicate that even under a narrower application, it would’ve found Hotfile liable — calling the drop in Hotfile’s income after a repeat infringer policy was implemented “dramatic” and calling the link between financial benefit and infringement “undeniable.”

I wasn’t even thinking of the direct financial benefit prong since it seems clear enough that Hotfile directly benefited from infringement. It’s the right and ability to control prong that struck me as broad. I was incorrectly thinking of that prong under the DMCA, not the common law, and there it’s narrow… and broad! The Second Circuit discussed this last year:

In any event, the foregoing tension—elsewhere described as a “predicament” and a “catch22”—is sufficient to establish that the control provision “dictates” a departure from the common law vicarious liability standard. Accordingly, we conclude that the “right and ability to control” infringing activity under § 512(c)(1)(B) “requires something more than the ability to remove or block access to materials posted on a service provider’s website.” The remaining—and more difficult—question is how to define the “something more” that is required.

So in order to lose the safe harbor, the service provider has to have “something more” than a right and ability to control, whatever that means. And assuming that they don’t have this “something more” and that they keep the safe harbor, that allows them to escape the liability they would otherwise have under the common law for just having the right and ability to control without that something more. Thus, the narrowness of what it takes to lose the safe harbor protects the service provider from the broadness of the common law. That’s making my head hurt a bit!

That something more, according to the 10-3270, 10-3342 ruling that you are quoting from (at the moment of time of its release on April 5, 2012) is:
Perfect 10, Inc. v. Cybernet Ventures, Inc., 213 F. Supp. 2d 1146 (C.D. Cal. 2002)

Good call. The Second Circuit says that’s the only case where “something more” has been found such that the service provider lost the safe harbor for having “the right and ability to control” the infringing activity under 512(c)(1)(B)–and that’s just a district court opinion. The Second Circuit’s logic in reaching the “something more” conclusion strikes me as infallible. But what “something more” actually means in practice seems quite elastic. Regardless, since this “something more” can mean the difference between the safe harbor and strict liability (as Hotfile just found out), I think it’s fairly important. More important than I realized.

I agree with you on this point, but I think the court might respond that the safe harbor fences off the slippery slope. If 512(c) is to be “interpreted capaciously” (making it easier to meet safe harbor prerequisites), perhaps it makes sense to increase legal certainty by also attaching a broad “draw” interpretation to vicarious liability in this area, in the event that a service provider fails to meet those pre-req’s.

I suppose it’s also worth noting that the facts here may be extreme enough to fit a narrower interpretation of vicarious liability, setting the stage for future courts to cabin this holding.

I don’t think I appreciated before now how much work the safe harbor does for a service provider as far as vicarious liability is concerned. If the common law standard is that the “ability to block infringers’ access to a particular environment for any reason whatsoever is evidence of the right and ability to supervise,” Napster, 239 F.3d at 1023, then the safe harbor drastically reduces the liability that service providers would otherwise face since that would be true for just about all of them.

In the matter of sites that don’t police themseves, I’m starting to doubt that the DMCA offers any protection to any of these sites at all.
I don’t think any of these lawsuits have been argued correctly.

In the matter of sites that don’t police themseves, I’m starting to doubt that the DMCA offers any protection to any of these sites at all.

I think you could argue that it cuts the other way. The sites that do actively monitor and control themselves are only demonstrating that they have the right and ability to control themselves. It creates perverse incentives to not do so lest it be used against them down the road. I think Section 512(m) further incentivizes services providers not to monitor themselves since the fact that they don’t can’t be used against them.

Are you saying that they are actively trying to use willful ignorance as a way of pretending that they do not have a duty to self-police? It’s difficult to see how long a charade like that could exist.
There is a requirement to self-police if not protected by the DMCA as a service provider, and now, with this decision, probably a requirement to do the same even if you do supposedly have safe harbor protection; because if you are a site that receives an abundance of DMCA notices the court has now said that you have knowledge and must act. Failing to do so is now incriminating.

Are you saying that they are actively trying to use willful ignorance as a way of pretending that they do not have a duty to self-police? It’s difficult to see how long a charade like that could exist.
There is a requirement to self-police if not protected by the DMCA as a service provider, and now, with this decision, probably a requirement to do the same even if you do supposedly have safe harbor protection; because if you are a site that receives an abundance of DMCA notices the court has now said that you have knowledge and must act. Failing to do so is now incriminating.

I don’t think I understand the duty to police well enough to answer your question intelligently. I can understand it in the “real” world as with an employer-employee relationship, but it’s much less clear to me how that translates to websites with millions of users.

“Are you saying that they are actively trying to use willful ignorance as a way of pretending that they do not have a duty to self-police?”

Exactly. They’re saying “we only have a duty to deal with infringing content that we know about, and the law permits us to intentionally avoid knowing anything about the content we’re hosting.”

Note that this only works if they refuse to do anything but process properly-formatted DMCA notices–*and* if they process such notices immediately. If they start looking at the files to try and make a value judgement about whether they’re actually infringing, then they can’t claim “safe harbor through willful ignorance”.

I know nothing about Hotfile or its business, but as a DMCA agent I can tell you that the number of notices received is not an appropriate measure of the amount of infringement on the network or service. I have regularly received 20 notices within minutes for the same file and the same connection with only a few seconds difference in time stamp. Measured in terms of notices sent, there were 20. Measured in terms of unauthorized files being shared, there was one. This happens regularly.

“This happens regularly.”
I think you need to provide more details, don’t you? Where are the notices coming from and what are the files?
In any case, this doesn’t compare to the millions of notices sent to the sites that traffic infringing material. The sites we all know exist. This decision is going to have a profound impact on the sites that receive millions of notices.
Like, say for instance, Google. 😉

The DMCA applies to online service providers, which Hotfile clearly is,

Maybe the court is rejecting ITSELF to claim that it is. HotFile is ***NOT*** a service provider under 17 USC § 512(k)(1)(B), because that statute says AND, not OR. Plaintiffs do not argue the 17 USC § 512(k)(1)(B) statute and that is DISGUSTING.

Hotfile MUST provide Internet access, and all of its subdirectories of the SAME URL are not specific URLs. If they were, then 15 USC § 1125(d) applies TO ALL OF THEM. If they are specific URLs, then they would be DOMAINS. And if they are DOMAINS, then cybersquatting applies to every name that is “not real”. That is also $100K per violation + punitive + treble.

Case-law has “F’d” up this (k)(1)(B) provision, mainly destructive from Hendrikson v. Ebay (and others) where the judge(s) omit(s) the second half of that provision. There is NO OMISSION in the statute, and there is no confusion with (k)(1)(A). HotFile is NOT a service provider. If they are, then the exclusive right clause of a public display at the moment it appears is also omitted, causing the disastrous mining of funds and value from a copyright holder **BEFORE** it is found (posted in seconds) and before a “DMCA TakeDown Notice” is sent. Rather, a DMCA Takedown Notice of personal information sent to PIRATES!

The 9th Circuit in UMG v. Shelter didn’t omit it the second half of the (k)(1)(B) provision, but placed pluck language claiming if Congress wanted the definitions to be separate, they would have made it that way. CONGRESS DID MAKE IT THAT WAY! The legislative material says exactly that. See H.R. Rep. 105-551(II) at page 64 (“[t]his definition includes … ****providing Internet access****.” PERIOD

What would be 17 USC § 512(k)(1)(B) then? EarthLink that provides internet access and hosts websites. What would be 17 USC § 512(k)(1)(A)? Verizon. What would Google and YouTube be? Neither! A website, like YouTube, Google, or HotFile, cannot host a sub-directory of itself and then claim service provider status. CopyHype would then be a service provider. Clearly this God Blessed website is NOT a service provider. The company that hosts the WEBSITE and the URL (www.copyhype.com) is the service provider.

Companies like Google and YouTube know this mistake and are laughing their asses off at all of you. Look at what they are trying to do to authors today? Those attrition stealing Google pigs. Google deletes “Viacom vs. Google” in the title of Google Book Search for the HR-2281: And Then the DMCA Didn’t Apply on the Earth’s author. Purposely keeping an opinion away from everyone.

The film Philadelphia said it best “[He] couldn’t find his way through copyright law if [he] were given a map.” HotFile is not a service provider. They are a theft enterprise.

Well….time to read the HotFile ruling now. I just know what it will say. Those HotFile pigs. And the companies that financially facilitated them for many years are even bandits. Not one nickel of the fees stolen to finance HotFile’s theft of content belong to them. That is GRAND LARCENY. It doesn’t matter what they don’t know, what matters is how much money was funneled to them, where it ended up, and how can it be returned.

As soon as I read this in the article, “The DMCA applies to online service providers, which Hotfile clearly is,” I immediately thought of you and the steam that must be coming out of your ears at the very thought.

Hot File is NOT a service provider under 17 USC § 512(k)(1)(A)!!! I can’t believe the Plaintiffs are that stupid!!
The judge used (k)(1)(A)?? This is ridiculous! I thought (k)(1)(B) was going to be argued.

From the HotFile ruling at Page 40:
“The parties do not dispute that Hotfile qualifies as a service provider. See id.
17 USC § 512(k)(1)(A) (defining a “service provider” as ”an entity offering the transmission,
routing, or providing of connections for digital online communications, between or
am ong points specified by a user, of material of the user’s choosing, without
modification to the content of the material as sent or received.”).”
————————
End of paste

That is incontestible NOT TRUE!! HotFile doesn’t even provide Internet Access. They
are NOT a router, they have to receive SOFTWARE files through routers that host
HotFile, which is not HotFile at all. They are not a storage site, they receive a
copy of each and every file given to them. At the moment it is “shared”, that file
becomes a copy of itself again, it is NOT removed. They modify content instantly when
received; in fact, they receive only COPIES, not originals, and then send out another
copy of the copy that they received (see Capitol Records, LLC v. ReDigi, Inc.,
No. 12 CIV. 95 RJS, 2013 WL 1286134 at 5 (S.D.N.Y. Mar. 30, 2013).

But to claim that HotFile is a service provider under 17 USC § 512(k)(1)(A) and then
the movie studios NOT DISPUTING this is *****DISGUSTING*****!! I can instantly show
the case-law that overrules the (k)(1)(A) statute:

Perfect 10, Inc. v. CCBill, LLC, 488 F.3d 1102 (9th Cir. 2007)

“CCBill transmits credit card information and proof of payment, both of which are
“digital online communications”. However, [we] have little information as to how CCBill sends
the payment it receives to its account holders. It is unclear whether such payment is a digital
communication, transmitted without modification to the content of the material, or transmitted
often enough that CCBill is only a transient holder. On the record before us, we cannot conclude
that CCBill is a service provider [for qualification] under § 512(a). Accordingly, we remand to the
district court for further consideration the issue of whether CCBill meets the requirements of § 512(a).”

I told you, I knew what that HotFile ruling was going to say! Absolutley crazy to even
attempt to not dispute the service provider status. There is something NSA going on here.
To see courts unable to know the computer science, and then keep computer science silent
trying to explaing EXACTLY what it is.

Well, I hope HotFile gets shutdown pretty fast. Shall I write the list of HotFile-like
sites that are doing the same thing? There’s so many of them. Why? Because the
DMCA is being misconstrued and the US Media (with Google) keeps it quiet.

To think HotFile screws America outside America with the courts scratching their heads.
This is clearly coming from the top.

I think you are maybe 80 years too late with this (think New Deal, when the judicial system was turned into a puppet of the executive branch).

If the courts plainly interpreted what is written in of the law, the vast majority of the federal government wouldn’t exist. It’s obvious that the vast majority of roles of the modern federal government exceed basic constitutional authority (Department of Education? Seriously?). These days, it doesn’t matter what is actually written in the law, or the US Constitution for that matter.

About

Copyhype provides news and info on current developments relating to copyright law, the media industries, and the digital economy. It cuts through the hype to bring reasoned discussion aimed at both legal and nonlegal audiences.

Terry Hart is currently VP Legal Policy and Copyright Counsel at the Copyright Alliance. Any opinions expressed on this site remain his own and not necessarily those of his present or any past employers.